summaryrefslogtreecommitdiff
path: root/ppc/sha1.c
diff options
context:
space:
mode:
authorLibravatar Jeff King <peff@peff.net>2021-08-09 18:48:48 -0400
committerLibravatar Junio C Hamano <gitster@pobox.com>2021-08-10 11:37:36 -0700
commitc4d5907324394228e08a42589a044fa14d7ffdcc (patch)
tree24cbee8881a34f847b4c1ce74511ddfed2c6121b /ppc/sha1.c
parentrange-diff: handle unterminated lines in read_patches() (diff)
downloadtgif-c4d5907324394228e08a42589a044fa14d7ffdcc.tar.xz
range-diff: use ssize_t for parsed "len" in read_patches()
As we iterate through the buffer containing git-log output, parsing lines, we use an "int" to store the size of an individual line. This should be a size_t, as we have no guarantee that there is not a malicious 2GB+ commit-message line in the output. Overflowing this integer probably doesn't do anything _too_ terrible. We are not using the value to size a buffer, so the worst case is probably an out-of-bounds read from before the array. But it's easy enough to fix. Note that we have to use ssize_t here, since we also store the length result from parse_git_diff_header(), which may return a negative value for error. That function actually returns an int itself, which has a similar overflow problem, but I'll leave that for another day. Much of the apply.c code uses ints and should be converted as a whole; in the meantime, a negative return from parse_git_diff_header() will be interpreted as an error, and we'll bail (so we can't handle such a case, but given that it's likely to be malicious anyway, the important thing is we don't have any memory errors). Signed-off-by: Jeff King <peff@peff.net> Acked-by: Derrick Stolee <dstolee@microsoft.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'ppc/sha1.c')
0 files changed, 0 insertions, 0 deletions